Issue In Vaadin while using in Embedded
I have created my application in Vaadin 14 and I display that application on my website inside an IFrame, and it shows an error like "Cookies are disabled".
This issue happens in Chrome, as Chrome introduced a new cookie flag, SameSite, for security reasons.
Please follow the steps below to reproduce the issue.
- Download Chrome Canary, then install and launch it.
- In Canary, navigate to chrome://settings/help and verify that you see "Google Chrome is up to date"; if not, then update Canary.
- Navigate to chrome://flags/#samesite and enable these three SameSite flags:
  - SameSite by default cookies
  - Enable removing SameSite=None cookies
  - Cookies without SameSite must be secure
So it is probably related to this
https://blog.chromium.org/2020/02/samesite-cookie-changes-in-february.html
Could you open a ticket at https://github.com/vaadin/flow/issues and include a simple test app?
Tatu, I really appreciate your response. I posted the issue on GitHub; please check the link below. https://github.com/vaadin/flow/issues/7736
Can you please tell me when Vaadin creates the session cookies?
The JSESSION cookie is not created by Vaadin, but by the container where the Vaadin app is being run. So you need to check how it is configured in your setup, depending on whether you are using Tomcat etc.
I solved that problem by making a few changes to the server configuration.
If you are using a Tomcat server, then please add the following line to the conf/context.xml file.
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" sameSiteCookies="None" />
If you are using Spring Boot embedded Tomcat, then you need to create a configuration class like the one below.
import org.apache.tomcat.util.http.LegacyCookieProcessor;
import org.apache.tomcat.util.http.SameSiteCookies;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class LegacyCookieProcessorConfiguration {

    // tag::customizer[]
    @Bean
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> cookieProcessorCustomizer() {
        // Register a cookie processor on every Tomcat context so that
        // cookies written by the container carry SameSite=None.
        return (factory) -> factory.addContextCustomizers((context) -> {
            LegacyCookieProcessor legacyCookieProcessor = new LegacyCookieProcessor();
            legacyCookieProcessor.setSameSiteCookies(SameSiteCookies.NONE.getValue());
            context.setCookieProcessor(legacyCookieProcessor);
        });
    }
    // end::customizer[]
}
I only use HttpServletResponse response.addCookie(tokenCookie); It works
Imran Momin:
@Configuration
public class LegacyCookieProcessorConfiguration {

    @Bean
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> cookieProcessorCustomizer() {
        return (factory) -> factory.addContextCustomizers((context) -> {
            LegacyCookieProcessor legacyCookieProcessor = new LegacyCookieProcessor();
            legacyCookieProcessor.setSameSiteCookies(SameSiteCookies.NONE.getValue());
            context.setCookieProcessor(legacyCookieProcessor);
        });
    }
}
Okay, so this almost worked out of the box for me.
I have two profiles, where one configures http and the other https. I could only run Imran's code while configuring https. If I run the code with http, the login page reloads continuously at enormous speed.
So by limiting the above code with "@Profile("prod") // https" it works.
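Added example, not part of any post in this thread: a simplified JavaScript model of how a browser with the three SameSite flags from the first post treats a session cookie when the page is loaded in a cross-site iframe. The function names and the sample `Set-Cookie` values are constructed for illustration, and the model covers only the `SameSite` and `Secure` attributes.

```javascript
// Constructed Set-Cookie values for illustration; not captured from a real server.
const SAMPLE_HEADERS = [
  "JSESSIONID=abc123; Path=/; HttpOnly",
  "JSESSIONID=abc123; Path=/; HttpOnly; SameSite=None",
  "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=None",
  "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
];

// Parse one Set-Cookie value into the cookie name and the two attributes modelled here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((part) => part.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((part) => part.trim());
    if (key.toLowerCase() === "secure") cookie.secure = true;
    if (key.toLowerCase() === "samesite") cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// Outcome for a request made from inside a cross-site iframe:
//   "sent"     - cookie is stored and attached to the request
//   "withheld" - cookie is stored but not attached in a cross-site context
//   "rejected" - cookie is discarded when the server tries to set it
function crossSiteIframeOutcome(header) {
  const cookie = parseSetCookie(header);
  // "SameSite by default cookies": a missing or unknown value is treated as Lax.
  const known = ["strict", "lax", "none"];
  const mode = known.includes(cookie.sameSite) ? cookie.sameSite : "lax";
  // "Cookies without SameSite must be secure": None is only accepted with Secure.
  if (mode === "none") return cookie.secure ? "sent" : "rejected";
  // Lax and Strict cookies are not attached to cross-site subresource requests.
  return "withheld";
}

// Audit a list of Set-Cookie values and report the outcome for each.
function auditHeaders(headers) {
  return headers.map((header) => ({ header, outcome: crossSiteIframeOutcome(header) }));
}

for (const { header, outcome } of auditHeaders(SAMPLE_HEADERS)) {
  console.log(outcome.padEnd(9), header);
}
```

Only the `SameSite=None; Secure` combination reaches the embedded application, and that setting also makes the session cookie available to every other cross-site request, so the application's CSRF protection has to stay enabled.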